US12069171B2ActiveUtilityA1

Hardware security module

66
Assignee: WINCOR NIXDORF INT GMBHPriority: Nov 5, 2018Filed: Nov 5, 2019Granted: Aug 20, 2024
Est. expiryNov 5, 2038(~12.3 yrs left)· nominal 20-yr term from priority
H04L 67/104H04L 9/3247H04L 9/3236H04L 9/12H04L 9/0897H04L 9/0877H04L 9/3234G06F 21/71G06F 21/602G06F 21/57H04L 67/1008G06F 21/33H04L 63/0823
66
PatentIndex Score
1
Cited by
32
References
17
Claims

Abstract

According to one exemplary embodiment, a hardware security module is described, having a receiver, which is configured to receive instructions for performing cryptographic operations, and a control device, which is configured to take an instruction load of the hardware security module as a basis for deciding whether one or more instructions should be relocated and, if one or more instructions should be relocated, to determine another hardware security module for relocating the one or more instructions, to authenticate the other hardware security module and to request the execution of the one or more instructions by the other hardware security module.

Claims

exact text as granted — not AI-modified
The invention claimed is: 
     
       1. A hardware security module, comprising:
 a receiver configured to receive one or more instructions to perform cryptographic operations, and a control device configured to: 
 place the one or more instructions in an instruction queue, the instruction queue having an instruction load, where the instruction load is the fill level of the instruction queue; 
 monitor the instruction queue, and determine when the instruction load is above a specified threshold value; 
 based upon the determination that the instruction load is above the specified threshold value, decide that the one or more instructions are to be relocated; identify a second hardware security module for relocating the one or more instructions; 
 authenticate the second hardware security module; and 
 request processing of the one or more instructions by the second hardware security module, and relocate the one or more instructions to the second hardware security module. 
 
     
     
       2. The hardware security module as claimed in  claim 1 , wherein the control device is configured to configure the second hardware security module for executing the one or more instructions. 
     
     
       3. The hardware security module as claimed in  claim 1 , wherein the control device is configured to clone a configuration of the hardware security module onto the second hardware security module in order to process the one or more instructions. 
     
     
       4. The hardware security module as claimed in  claim 1 , wherein the control device is configured to send the one or more instructions to the second hardware security module by a peer-to-peer communication link. 
     
     
       5. The hardware security module as claimed in  claim 1 , wherein the control device is configured to allocate the second hardware security module to process the one or more instructions and is configured to release the second hardware security module after processing of the one or more instructions. 
     
     
       6. The hardware security module as claimed in  claim 1 , wherein the control device is configured to determine a number of the one or more instructions to be relocated to the second hardware security module, based on the instruction load of the hardware security module. 
     
     
       7. The hardware security module as claimed in  claim 1 , wherein the control device is configured to relocate the one or more instructions until the instruction load falls below the specified threshold value. 
     
     
       8. The hardware security module as claimed in  claim 1 ,
 wherein the control device is configured to authenticate the second hardware security module based on a signature generated by the second hardware security module. 
 
     
     
       9. The hardware security module as claimed in  claim 1 ,
 wherein the hardware security module and the second hardware security module have separate hardware for performing cryptographic operations. 
 
     
     
       10. A method of operating a hardware security module comprising:
 receiving, with a receiver of the hardware security module, one or more instructions to perform cryptographic operations; 
 placing, with a control device of the hardware security module, the one or more instructions in an instruction queue, the instruction queue having an instruction 
 load, where the instruction load is the fill level of the instruction queue; 
 monitoring, with the control device of the hardware security module, the instruction queue, and determining with the control device of the hardware security module that the 
 instruction load is above a specified threshold value; 
 based upon the determination that the instruction load is above the specified threshold value, deciding, with the control device of the hardware security module, that the one or more instructions are to be relocated; 
 identifying, with the control device of the hardware security module, a second hardware security module for relocating the one or more instructions; 
 authenticating, with the control device of the hardware security module, the second hardware security module; and 
 requesting, with the control device of the hardware security module, the second hardware security module process the one or more instructions and relocating the one or more instructions to the second hardware security module. 
 
     
     
       11. The method of  claim 10  further comprising:
 communicating with the second hardware security module, by the control device of the hardware security module, by dividing at least one communication into different, independent sessions according to a secret-sharing principle. 
 
     
     
       12. The method of  claim 11  further comprising:
 detecting, with the control device of the hardware security module, a forced opening of a housing of the hardware security module; and 
 deleting, with the control device of the hardware security module, all security-relevant information stored by the hardware security module, including cryptographic keys. 
 
     
     
       13. The method of  claim 12  further comprising:
 outputting, with the control device of the hardware security module, a result of processing the one or more of the instructions and a status that indicates that an error occurred, wherein the exact error details are not output. 
 
     
     
       14. The method of  claim 13  further comprising:
 protecting keys stored in a crypto-unit with at least one hardware-based protective measure; and 
 sending, with the control device of the hardware security module, in response to 
 compromising of the crypto-unit, a message to a configurable receiver over one of a network, a mobile network, a telephone network, and a satellite for external monitoring of the hardware security module. 
 
     
     
       15. The method of  claim 14  further comprising:
 fetching, with the control device of the hardware security module, the one or more of the instructions from the instruction queue, wherein the instruction queue is not stored on a secure hardware area of the hardware security module. 
 
     
     
       16. The method of  claim 14  further comprising:
 storing, with the control device of the hardware security module, the one or more of the instructions redundantly on copies of the instruction queue maintained by the hardware security module and at least the second hardware security module. 
 
     
     
       17. The method of  claim 16  wherein said authenticating further comprises:
 authenticating, with the control device of the hardware security module, the second hardware security module such that the second hardware security module discloses no information regarding a computer system that currently occupies the second hardware security module.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.